user sessions cleanup

src/backend/InvenTree/InvenTree/settings.py

@@ -204,6 +204,7 @@ INSTALLED_APPS = [
     # Core django modules
     'django.contrib.auth',
     'django.contrib.contenttypes',
+    'django.contrib.sessions',
     'django.contrib.humanize',
     'whitenoise.runserver_nostatic',
     'django.contrib.messages',
@@ -246,6 +247,7 @@ MIDDLEWARE = CONFIG.get(
     [
         'django.middleware.security.SecurityMiddleware',
         'x_forwarded_for.middleware.XForwardedForMiddleware',
+        'django.contrib.sessions.middleware.SessionMiddleware',
         'allauth.usersessions.middleware.UserSessionsMiddleware',  # DB user sessions
         'django.middleware.locale.LocaleMiddleware',
         'django.middleware.csrf.CsrfViewMiddleware',
@@ -812,13 +814,7 @@ if GLOBAL_CACHE_ENABLED:  # pragma: no cover
     # as well
     Q_CLUSTER['django_redis'] = 'worker'
 
-# database user sessions
+SILENCED_SYSTEM_CHECKS = ['templates.E003', 'templates.W003']
-SESSION_ENGINE = 'user_sessions.backends.db'
-LOGOUT_REDIRECT_URL = get_setting(
-    'INVENTREE_LOGOUT_REDIRECT_URL', 'logout_redirect_url', 'index'
-)
-
-SILENCED_SYSTEM_CHECKS = ['admin.E410', 'templates.E003', 'templates.W003']
 
 # Password validation
 # https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators

src/backend/InvenTree/InvenTree/urls.py

@@ -49,8 +49,6 @@ from .views import (
     CustomEmailView,
     CustomLoginView,
     CustomPasswordResetFromKeyView,
-    CustomSessionDeleteOtherView,
-    CustomSessionDeleteView,
     DatabaseStatsView,
     DynamicJsView,
     EditUserView,
@@ -357,17 +355,6 @@ classic_frontendpatterns = [
     path('settings/', include(settings_urls)),
     path('about/', AboutView.as_view(), name='about'),
     path('stats/', DatabaseStatsView.as_view(), name='stats'),
-    # DB user sessions
-    path(
-        'accounts/sessions/other/delete/',
-        view=CustomSessionDeleteOtherView.as_view(),
-        name='session_delete_other',
-    ),
-    re_path(
-        r'^accounts/sessions/(?P<pk>\w+)/delete/$',
-        view=CustomSessionDeleteView.as_view(),
-        name='session_delete',
-    ),
     # Single Sign On / allauth
     # overrides of urlpatterns
     path('accounts/email/', CustomEmailView.as_view(), name='account_email'),

src/backend/InvenTree/InvenTree/views.py

@@ -4,9 +4,7 @@ In particular these views provide base functionality for rendering Django forms
 as JSON objects and passing them to modal forms (using jQuery / bootstrap).
 """
 
-from django.contrib.auth import password_validation
 from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin
-from django.core.exceptions import ValidationError
 from django.http import HttpResponse, HttpResponseRedirect, JsonResponse
 from django.shortcuts import redirect
 from django.template.loader import render_to_string
@@ -23,14 +21,13 @@ from allauth.account.views import EmailView, LoginView, PasswordResetFromKeyView
 from allauth.socialaccount.forms import DisconnectForm
 from allauth.socialaccount.views import ConnectionsView
 from djmoney.contrib.exchange.models import ExchangeBackend, Rate
-from user_sessions.views import SessionDeleteOtherView, SessionDeleteView
 
 import common.currency
 import common.models as common_models
 from part.models import PartCategory
 from users.models import RuleSet, check_user_role
 
-from .forms import EditUserForm, SetPasswordForm
+from .forms import EditUserForm
 from .helpers import is_ajax, remove_non_printable_characters, strip_html_tags
 
 
@@ -515,26 +512,6 @@ class CustomPasswordResetFromKeyView(PasswordResetFromKeyView):
     success_url = reverse_lazy('account_login')
 
 
-class UserSessionOverride:
-    """Overrides sucessurl to lead to settings."""
-
-    def get_success_url(self):
-        """Revert to settings page after success."""
-        return str(reverse_lazy('settings'))
-
-
-class CustomSessionDeleteView(UserSessionOverride, SessionDeleteView):
-    """Revert to settings after session delete."""
-
-    pass
-
-
-class CustomSessionDeleteOtherView(UserSessionOverride, SessionDeleteOtherView):
-    """Revert to settings after session delete."""
-
-    pass
-
-
 class CustomLoginView(LoginView):
     """Custom login view that allows login with urlargs."""
 

src/backend/InvenTree/templates/InvenTree/settings/user.html

@@ -5,7 +5,7 @@
 {% load inventree_extras %}
 {% load socialaccount %}
 {% load crispy_forms_tags %}
-{% load user_sessions i18n %}
+{% load i18n %}
 
 {% block label %}account{% endblock label %}
 
@@ -194,7 +194,7 @@
             <tr {% if object.session_key == session_key %}class="active"{% endif %}>
             <td>{{ object.ip }}</td>
             {% if object.user_agent or object.device %}
-            <td>{{ object.user_agent|device|default_if_none:unknown_on_unknown|safe }}</td>
+            <td>{{ object.user_agent|default_if_none:unknown_on_unknown|safe }}</td>
             {% else %}
             <td>{{ unknown_on_unknown }}</td>
             {% endif %}

src/backend/InvenTree/users/models.py

@@ -351,7 +351,6 @@ class RuleSet(models.Model):
             'error_report_error',
             'exchange_rate',
             'exchange_exchangebackend',
-            'user_sessions_session',
             # Django-q
             'django_q_ormq',
             'django_q_failure',

src/backend/requirements.in

@@ -28,7 +28,6 @@ django-sslserver                        # Secure HTTP development server
 django-stdimage                         # Advanced ImageField management
 django-taggit                           # Tagging support
 django-otp==1.3.0                       # Two-factor authentication (legacy to ensure migrations) https://github.com/inventree/InvenTree/pull/6293
-django-user-sessions                    # user sessions in DB
 django-weasyprint                       # django weasyprint integration
 djangorestframework                     # DRF framework
 djangorestframework-simplejwt[crypto]   # JWT authentication

src/backend/requirements.txt

@@ -353,7 +353,6 @@ django==4.2.12 \
     #   django-sslserver
     #   django-stdimage
     #   django-taggit
-    #   django-user-sessions
     #   django-weasyprint
     #   django-xforwardedfor-middleware
     #   djangorestframework
@@ -440,9 +439,6 @@ django-stdimage==6.0.2 \
 django-taggit==5.0.1 \
     --hash=sha256:a0ca8a28b03c4b26c2630fd762cb76ec39b5e41abf727a7b66f897a625c5e647 \
     --hash=sha256:edcd7db1e0f35c304e082a2f631ddac2e16ef5296029524eb792af7430cab4cc
-django-user-sessions==2.0.0 \
-    --hash=sha256:0965554279f556b47062965609fa08b3ae45bbc581001dbe84b2ea599cc67748 \
-    --hash=sha256:41b8b1ebeb4736065efbc96437c9cfbf491c39e10fd547a76b98f2312e11fa3e
 django-weasyprint==2.3.0 \
     --hash=sha256:2f849e15bfd6c1b2a58512097b9042eddf3533651d37d2e096cd6f7d8be6442b \
     --hash=sha256:807cb3b16332123d97c8bbe2ac9c70286103fe353235351803ffd33b67284735

tasks.py

@@ -85,7 +85,6 @@ def content_excludes(
         'exchange.exchangebackend',
         'common.notificationentry',
         'common.notificationmessage',
-        'user_sessions.session',
         'report.labeloutput',
         'report.reportoutput',
     ]